Computer has been acting irregular.


  • This topic is locked
9 replies to this topic

#1 ROOFIE(MTL)

Posted 24 June 2013 - 03:57 PM

My computer is acting really weird after my wife got a pop-up telling her to update her Java on Facebook. Now we have multiple pop-ups telling us that our Flash Player is out of date. IE 8 is out of date. I think we have been hijacked. We could really use your help. In the past you have always set us straight, but that was several years ago. Thank you for helping us in advance.


Below is my OTL Log:

OTL logfile created on: 6/24/2013 2:38:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RITTERBY\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 67.53% Memory free
10.21 Gb Paging File | 7.40 Gb Available in Paging File | 72.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 35.61 Gb Free Space | 31.88% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 143.23 Gb Free Space | 96.10% Space Free | Partition Type: NTFS

Computer Name: RITTERBY-PC | User Name: RITTERBY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\RITTERBY\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\Drivers\WTSrv.exe (Tablet Driver)
SRV:64bit: - (nlsInterface) -- C:\Windows\SysNative\nlsInterface.exe (Nalpeiron Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (trufos) -- C:\Windows\SysNative\Drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\Drivers\avc3.sys (BitDefender)
DRV:64bit: - (BdfNdisf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\Drivers\avckf.sys (BitDefender)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (gzflt) -- C:\Windows\SysNative\Drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\Drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\Drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\Drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (bdelam) -- C:\Windows\SysNative\Drivers\bdelam.sys (Bitdefender)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\Drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\Drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\Drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\Drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\Drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\Drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\Drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\Drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\Drivers\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\Drivers\TClass2k.sys (Tablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\Drivers\PTSimHid.sys (PenTablet Driver)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C D3 A6 A3 F8 6E CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C73CBA0A-EC66-4EC8-AB16-5E5134D06F51}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE10SR
IE - HKCU\..\SearchScopes\{C73CBA0A-EC66-4EC8-AB16-5E5134D06F51}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RITTERBY\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012/11/12 00:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/27 15:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/19 14:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/09 17:05:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012/11/12 00:36:46 | 000,000,000 | ---D | M]

[2012/07/08 23:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RITTERBY\AppData\Roaming\mozilla\Extensions
[2013/06/19 14:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RITTERBY\AppData\Roaming\mozilla\Firefox\Profiles\kh6rjam7.xp\extensions
[2013/06/19 14:38:32 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\RITTERBY\AppData\Roaming\mozilla\Firefox\Profiles\kh6rjam7.xp\extensions\{15EBDDEA-A5C0-46C3-A41A-59B3D05360C0}
[2013/06/19 14:38:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\RITTERBY\AppData\Roaming\mozilla\Firefox\Profiles\kh6rjam7.xp\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/03/22 20:05:21 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\RITTERBY\AppData\Roaming\mozilla\firefox\profiles\kh6rjam7.xp\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/05/09 01:54:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\RITTERBY\AppData\Roaming\mozilla\firefox\profiles\kh6rjam7.xp\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/19 14:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/19 14:41:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DYMO Label Framework (Enabled) = C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\RITTERBY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\RITTERBY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\RITTERBY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\RITTERBY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/09 00:41:46 | 000,001,028 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O2:64bit: - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll (Save Valet)
O2 - BHO: (SelectionLinksBHO Class) - {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll (Save Valet)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DLSService] C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [cdloader] C:\Users\RITTERBY\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - Startup: C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2025ECCC-AF17-4010-8D13-82CCA88A33B3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/24 14:35:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RITTERBY\Desktop\OTL.exe
[2013/06/24 14:20:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\RITTERBY\Desktop\HiJackThis.exe
[2013/06/24 10:20:47 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{FE22222D-C77F-4E4D-8D22-19B13F3420F3}
[2013/06/23 22:20:41 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{BCE3C186-DF97-4846-A67E-CA105345B8EE}
[2013/06/23 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{FB21F4CD-DF34-4907-B452-B758DA9C1747}
[2013/06/22 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{95B95D4D-DBCA-4E34-A3F6-B303624B66A6}
[2013/06/22 10:20:14 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{376ECD19-302C-4F98-BDD3-6B7BBE5C06C2}
[2013/06/22 09:59:16 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\Programs
[2013/06/21 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{C141E13A-5851-44AC-ADB3-8843941DA14B}
[2013/06/21 10:20:03 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{F11F2DED-FC7C-456A-9837-A130E09984FA}
[2013/06/20 22:19:45 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{A3063381-8C1A-48D0-B93B-C8480EE15A00}
[2013/06/20 10:19:39 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{C150BDEE-06FC-4614-9CF5-27F5783A0702}
[2013/06/20 00:10:43 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/06/19 14:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveValet
[2013/06/19 14:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/06/19 14:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps
[2013/06/19 14:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/06/19 11:09:38 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{BFB038C1-A25A-4B59-A344-A1876658FF81}
[2013/06/18 23:05:15 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{7EEE0CD3-D2AD-42A0-B60B-D7225153EDAC}
[2013/06/18 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{53DEB9F9-42B3-46DF-A074-3AF38D1ECAC1}
[2013/06/17 23:05:47 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{8419D6D6-E6B8-47BC-829B-9B72BAA5275C}
[2013/06/17 11:05:42 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{69C788DE-7C11-4812-B392-1FB398074879}
[2013/06/16 23:05:36 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{C9285C59-A46A-42E4-A5B5-F33CFDB2422C}
[2013/06/16 11:05:30 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{32947787-F252-4DC2-8A52-61FB68B2AEE6}
[2013/06/15 23:05:24 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{6116882F-02C9-4AB9-B4B5-B8EC73FAFF39}
[2013/06/15 16:27:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tssdisai.dll
[2013/06/15 11:05:06 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{A8085A16-B51D-48F3-85A6-7E5CBB318282}
[2013/06/14 23:05:01 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{5DA4C0A8-583C-4E59-A7E9-C016FCC2E78C}
[2013/06/14 18:25:26 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2013/06/14 17:16:56 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2013/06/14 15:55:22 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\autochk.exe
[2013/06/14 15:55:22 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\untfs.dll
[2013/06/14 15:55:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\untfs.dll
[2013/06/14 15:55:21 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\autochk.exe
[2013/06/14 14:47:22 | 013,644,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013/06/14 14:47:21 | 010,788,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013/06/14 14:47:20 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/06/14 14:47:20 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013/06/14 14:47:19 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netprofmsvc.dll
[2013/06/14 14:47:18 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/06/14 14:47:18 | 002,305,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013/06/14 14:47:18 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013/06/14 14:47:18 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gpprefcl.dll
[2013/06/14 14:47:18 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2013/06/14 14:47:18 | 000,446,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2013/06/14 14:47:18 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysWow64\rars.rs
[2013/06/14 14:47:18 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysNative\rars.rs
[2013/06/14 14:47:17 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
[2013/06/14 14:47:17 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013/06/14 14:47:17 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2013/06/14 14:47:17 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2013/06/14 14:47:17 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairing.dll
[2013/06/14 14:47:17 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\intl.cpl
[2013/06/14 14:47:17 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BCP47Langs.dll
[2013/06/14 14:47:17 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stobject.dll
[2013/06/14 14:47:17 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2013/06/14 14:47:17 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013/06/14 14:47:17 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ubpm.dll
[2013/06/14 14:47:17 | 000,213,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UCX01000.SYS
[2013/06/14 14:47:17 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netplwiz.dll
[2013/06/14 14:47:17 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netplwiz.dll
[2013/06/14 14:47:17 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2013/06/14 14:47:17 | 000,058,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2013/06/14 14:47:16 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013/06/14 14:47:16 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
[2013/06/14 14:47:16 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gpprefcl.dll
[2013/06/14 14:47:16 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2013/06/14 14:47:16 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2013/06/14 14:47:16 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\intl.cpl
[2013/06/14 14:47:16 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BCP47Langs.dll
[2013/06/14 14:47:16 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013/06/14 14:47:16 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2013/06/14 14:47:16 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2013/06/14 14:47:16 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2013/06/14 14:47:16 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2013/06/14 14:47:16 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\biwinrt.dll
[2013/06/14 14:47:16 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthHost.exe
[2013/06/14 14:47:16 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2013/06/14 14:47:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\biwinrt.dll
[2013/06/14 14:47:16 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2013/06/14 14:47:16 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2013/06/14 14:47:15 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2013/06/14 14:47:15 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2013/06/14 14:47:15 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\muifontsetup.dll
[2013/06/14 14:47:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\muifontsetup.dll
[2013/06/14 11:04:55 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{407A1131-8859-449D-9FF8-105512842511}
[2013/06/13 23:04:49 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{E4AC9785-3238-4190-BE65-91914426E8D6}
[2013/06/13 11:04:43 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{F03E558D-BB83-4C5B-825C-FC2EA9946FDA}
[2013/06/12 23:04:37 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{57BFC160-CEFC-444A-B315-CA63EE3CD1C7}
[2013/06/12 12:13:46 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2013/06/12 12:13:46 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certutil.exe
[2013/06/12 12:13:46 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certutil.exe
[2013/06/12 12:13:46 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptnet.dll
[2013/06/12 11:52:38 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2013/06/12 11:30:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptdlg.dll
[2013/06/12 11:30:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptdlg.dll
[2013/06/12 11:04:31 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{33EB649F-1423-444D-BD8A-8C97783F4947}
[2013/06/12 10:52:18 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/06/12 10:52:16 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013/06/12 10:52:16 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013/06/12 10:52:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013/06/12 10:52:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013/06/12 10:52:16 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UXInit.dll
[2013/06/12 10:52:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/06/12 10:52:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UXInit.dll
[2013/06/11 23:04:26 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{D53C96B4-0532-4CAB-A4B8-2F725F931C05}
[2013/06/11 11:04:20 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{8A139C0F-EC5E-4D9E-BC1D-83602D8F3F70}
[2013/06/10 23:04:14 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{966D3950-C4F4-41FB-B350-51BB959A76B5}
[2013/06/10 17:19:08 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\Desktop\Brave
[2013/06/10 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{7F7BC70C-03BF-489A-951B-78FEDE397050}
[2013/06/09 23:03:50 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{8BD76B90-D385-48EA-AAC7-06FCD5F94D62}
[2013/06/09 11:03:44 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{429E8538-D223-4A02-8762-297C9D67F0BA}
[2013/06/08 23:03:38 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{6766FA93-29A5-45FC-8675-156C17E90874}
[2013/06/08 11:03:21 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{E1F1DFD0-4CFC-4239-8BD5-6642F7D2AB8F}
[2013/06/07 23:03:15 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{2E2F0CC9-8892-493A-8A32-9B2DC1DEF0AC}
[2013/06/07 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{D2E1FE4B-837A-4FCD-9255-E45E343DDEC2}
[2013/06/06 23:03:03 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{CB572939-A135-4613-B7DC-A0F371F9D7E1}
[2013/06/06 11:02:57 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{9F62446F-AD3A-4882-90D6-7CDC330E2EFB}
[2013/06/05 23:02:52 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{65A719A3-F70F-4A6E-91B6-07A593607290}
[2013/06/05 11:02:34 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{EF6D9AC7-091C-4BDE-B7AB-DC2FEDF1F00E}
[2013/06/04 23:02:28 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{0CE932BB-B993-4AEC-8889-F81218068DB0}
[2013/06/04 11:02:22 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{5417381D-0443-496F-B859-FF7F991F167C}
[2013/06/03 23:02:16 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{218C773E-72AB-4A46-85F6-93F639C734C9}
[2013/06/03 11:02:10 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{3397CE4C-8AD6-4FCB-966E-A55A54371EB6}
[2013/06/02 23:02:05 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{5B94A5F8-E404-48DB-B933-F93A9043D4A4}
[2013/06/02 11:01:59 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{1BF2BF6B-1999-4A30-8385-807A9F02C62C}
[2013/06/01 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{3403434F-13E5-4231-9400-B1F703892C87}
[2013/06/01 11:01:47 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{E8455A15-7CBC-45D6-A213-E0DA5464CB8D}
[2013/05/31 23:01:41 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{FB9AD3C1-3FB7-4807-A86F-D4E8DF0DE223}
[2013/05/31 11:01:35 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{492516B3-A18A-4013-B063-8B48EE98DCD2}
[2013/05/30 23:01:30 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{B4A3CEBF-7254-4A97-AB36-2F20BB2F1A9B}
[2013/05/30 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{250F3117-671C-48CF-BABB-49EFFEDD6E09}
[2013/05/29 23:01:06 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{6A27FE61-98E0-4C80-BE4B-EF8C74F00AFF}
[2013/05/29 14:02:34 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FontForge
[2013/05/29 14:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FontForge
[2013/05/29 11:01:00 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{840A25D8-CBE1-4F8C-8AA7-37F8CB69E9D1}
[2013/05/28 22:26:12 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{C6808C93-3DA9-477A-BBBA-C682C096D8E7}
[2013/05/28 10:26:06 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{8D9DDB47-F6C9-4DB0-BA96-2ACD36D86B17}
[2013/05/27 22:25:48 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{9DDA605D-06F4-4425-A1A6-4BAD116F2821}
[2013/05/27 15:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/27 10:25:30 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{0F13F55F-954C-4FAA-848E-5641FCC06818}
[2013/05/26 20:37:01 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{8A3D0EAC-54B5-4E40-89AA-B43E6E1E219B}
[2013/05/26 15:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/26 15:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/05/26 15:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/05/26 10:33:22 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{BA24C60B-EAB6-46B0-97E2-84B69C3BE18B}
[2013/05/25 22:33:04 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{AF681075-80AA-430A-AAF1-70AACFED56EC}
[2013/05/06 04:22:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\8blor.dat

========== Files - Modified Within 30 Days ==========

[2013/06/24 14:35:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RITTERBY\Desktop\OTL.exe
[2013/06/24 14:27:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/24 14:20:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\RITTERBY\Desktop\HiJackThis.exe
[2013/06/24 13:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/24 07:21:28 | 000,000,408 | ---- | M] () -- C:\WINDOWS\SysWow64\tversity.cookies
[2013/06/24 02:27:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/23 00:56:12 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/22 22:56:32 | 000,848,230 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/06/22 22:56:32 | 000,718,176 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/06/22 22:56:32 | 000,132,542 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/06/22 11:31:07 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/06/22 09:59:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/21 10:36:27 | 000,242,995 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Guildcraft Summer pinwheel.pdf
[2013/06/20 10:45:56 | 000,010,709 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Thick and Creamy Broccoli Cheddar Soup.rtf
[2013/06/19 14:30:03 | 000,000,000 | ---- | M] () -- C:\end
[2013/06/19 11:08:04 | 007,090,768 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/06/13 12:28:35 | 000,108,553 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Tablets.jpg
[2013/06/13 12:28:35 | 000,108,553 | ---- | M] () -- C:\Users\RITTERBY\Desktop\4824-c-sq.jpg
[2013/06/12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2013/06/12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2013/06/12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/06/12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/06/12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/06/12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/06/11 21:20:21 | 000,001,055 | ---- | M] () -- C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/08 18:26:49 | 000,003,240 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Do it Yourself.rtf
[2013/06/08 10:59:24 | 000,638,065 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Turtles_O.png
[2013/06/08 10:59:23 | 000,000,132 | ---- | M] () -- C:\Users\RITTERBY\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/06/08 10:57:11 | 001,017,289 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Turtles.png
[2013/06/07 00:30:47 | 001,040,322 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Sofia.png
[2013/06/07 00:21:11 | 000,937,182 | ---- | M] () -- C:\Users\RITTERBY\Desktop\OneDirection.png
[2013/06/07 00:20:33 | 000,730,199 | ---- | M] () -- C:\Users\RITTERBY\Desktop\OneDirection_O.png
[2013/06/06 17:29:36 | 000,531,949 | ---- | M] () -- C:\Users\RITTERBY\Desktop\NinjagoZX_O.png
[2013/06/06 17:28:12 | 000,969,543 | ---- | M] () -- C:\Users\RITTERBY\Desktop\NinjagoZX.png
[2013/06/06 17:25:14 | 000,527,492 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Ninjago_O.png
[2013/06/06 17:21:52 | 000,960,237 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Ninjago.png
[2013/06/06 17:16:51 | 000,710,621 | ---- | M] () -- C:\Users\RITTERBY\Desktop\MonsterHigh_O.png
[2013/06/06 16:59:46 | 000,981,794 | ---- | M] () -- C:\Users\RITTERBY\Desktop\MonsterHigh.png
[2013/06/05 13:05:21 | 000,382,536 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\SysNative\drivers\trufos.sys
[2013/06/04 15:09:22 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013/06/04 15:09:22 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/02 01:28:49 | 000,208,014 | ---- | M] () -- C:\Users\RITTERBY\Desktop\vmf-font_anha-queen-vmf.zip
[2013/06/02 01:27:34 | 000,043,873 | ---- | M] () -- C:\Users\RITTERBY\Desktop\b09d0b6c0b024ed4bc79f1e43a24eb44.jpg
[2013/06/02 01:21:18 | 000,104,447 | ---- | M] () -- C:\Users\RITTERBY\Desktop\aldus_royal.zip
[2013/06/02 01:18:48 | 000,157,193 | ---- | M] () -- C:\Users\RITTERBY\Desktop\dexsar-harry-anugrah_dhf-milestone-script-demo.zip
[2013/06/02 01:17:53 | 000,479,361 | ---- | M] () -- C:\Users\RITTERBY\Desktop\0d1beede37c14accb9a047cda0ea99b8.png
[2013/06/02 01:16:53 | 001,490,298 | ---- | M] () -- C:\Users\RITTERBY\Desktop\khryskreations_kbastitchintime.zip
[2013/06/02 01:15:22 | 000,623,930 | ---- | M] () -- C:\Users\RITTERBY\Desktop\kc-fonts_urban-jungle.zip
[2013/06/02 01:13:31 | 000,302,526 | ---- | M] () -- C:\Users\RITTERBY\Desktop\müns-grebäck_ventography-personal-use-only.zip
[2013/05/30 16:24:29 | 001,257,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2013/05/30 00:08:59 | 000,220,956 | ---- | M] () -- C:\Users\RITTERBY\Desktop\fd538eef9b7353c9c5c182c259cb5a81.jpg
[2013/05/29 14:37:49 | 000,021,498 | ---- | M] () -- C:\Users\RITTERBY\Desktop\805ecbd27a00afd465818655a9e96173.png

========== Files Created - No Company Name ==========

[2013/06/22 09:59:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/21 10:36:27 | 000,242,995 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Guildcraft Summer pinwheel.pdf
[2013/06/19 14:29:59 | 000,000,000 | ---- | C] () -- C:\end
[2013/06/19 11:08:01 | 007,090,768 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/06/14 14:47:15 | 000,386,646 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/06/13 12:29:15 | 000,108,553 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Tablets.jpg
[2013/06/13 12:28:53 | 000,108,553 | ---- | C] () -- C:\Users\RITTERBY\Desktop\4824-c-sq.jpg
[2013/06/10 10:24:18 | 000,010,709 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Thick and Creamy Broccoli Cheddar Soup.rtf
[2013/06/08 18:26:49 | 000,003,240 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Do it Yourself.rtf
[2013/06/08 10:59:20 | 000,638,065 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Turtles_O.png
[2013/06/08 10:57:09 | 001,017,289 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Turtles.png
[2013/06/07 00:30:44 | 001,040,322 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Sofia.png
[2013/06/07 00:21:09 | 000,937,182 | ---- | C] () -- C:\Users\RITTERBY\Desktop\OneDirection.png
[2013/06/07 00:20:30 | 000,730,199 | ---- | C] () -- C:\Users\RITTERBY\Desktop\OneDirection_O.png
[2013/06/06 17:29:34 | 000,531,949 | ---- | C] () -- C:\Users\RITTERBY\Desktop\NinjagoZX_O.png
[2013/06/06 17:28:09 | 000,969,543 | ---- | C] () -- C:\Users\RITTERBY\Desktop\NinjagoZX.png
[2013/06/06 17:25:12 | 000,527,492 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Ninjago_O.png
[2013/06/06 17:21:49 | 000,960,237 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Ninjago.png
[2013/06/06 17:16:48 | 000,710,621 | ---- | C] () -- C:\Users\RITTERBY\Desktop\MonsterHigh_O.png
[2013/06/06 16:59:35 | 000,981,794 | ---- | C] () -- C:\Users\RITTERBY\Desktop\MonsterHigh.png
[2013/06/02 01:28:56 | 000,043,873 | ---- | C] () -- C:\Users\RITTERBY\Desktop\b09d0b6c0b024ed4bc79f1e43a24eb44.jpg
[2013/06/02 01:28:49 | 000,208,014 | ---- | C] () -- C:\Users\RITTERBY\Desktop\vmf-font_anha-queen-vmf.zip
[2013/06/02 01:21:18 | 000,104,447 | ---- | C] () -- C:\Users\RITTERBY\Desktop\aldus_royal.zip
[2013/06/02 01:18:48 | 000,157,193 | ---- | C] () -- C:\Users\RITTERBY\Desktop\dexsar-harry-anugrah_dhf-milestone-script-demo.zip
[2013/06/02 01:18:34 | 000,479,361 | ---- | C] () -- C:\Users\RITTERBY\Desktop\0d1beede37c14accb9a047cda0ea99b8.png
[2013/06/02 01:16:53 | 001,490,298 | ---- | C] () -- C:\Users\RITTERBY\Desktop\khryskreations_kbastitchintime.zip
[2013/06/02 01:15:21 | 000,623,930 | ---- | C] () -- C:\Users\RITTERBY\Desktop\kc-fonts_urban-jungle.zip
[2013/06/02 01:13:31 | 000,302,526 | ---- | C] () -- C:\Users\RITTERBY\Desktop\müns-grebäck_ventography-personal-use-only.zip
[2013/05/30 00:23:41 | 000,042,488 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Metropolis 1920.otf
[2013/05/30 00:09:53 | 000,220,956 | ---- | C] () -- C:\Users\RITTERBY\Desktop\fd538eef9b7353c9c5c182c259cb5a81.jpg
[2013/05/29 14:37:59 | 000,021,498 | ---- | C] () -- C:\Users\RITTERBY\Desktop\805ecbd27a00afd465818655a9e96173.png
[2013/05/06 04:22:50 | 095,023,320 | ---- | C] () -- C:\ProgramData\23lldnur.pad
[2013/05/06 04:15:19 | 000,000,151 | ---- | C] () -- C:\ProgramData\lot84.reg
[2013/05/06 04:15:19 | 000,000,055 | ---- | C] () -- C:\ProgramData\lot84.bat
[2013/05/06 04:15:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\lot84.pad
[2013/05/06 04:15:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\ej3gq.pad
[2013/01/02 22:23:17 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ENX330.ini
[2012/12/19 20:39:48 | 000,000,132 | ---- | C] () -- C:\Users\RITTERBY\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
[2012/12/10 22:14:04 | 000,003,584 | ---- | C] () -- C:\Users\RITTERBY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/12 00:37:27 | 000,481,294 | ---- | C] () -- C:\ProgramData\1352705226.bdinstall.bin
[2012/11/12 00:18:10 | 000,206,080 | ---- | C] () -- C:\ProgramData\1352704622.bdinstall.bin
[2012/11/11 12:09:48 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012/10/11 20:49:54 | 000,004,608 | ---- | C] () -- C:\WINDOWS\SysWow64\Viveza2FC64.dll
[2012/10/11 20:48:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\SysWow64\Viveza2FC32.dll
[2012/10/11 12:35:35 | 000,003,584 | ---- | C] () -- C:\WINDOWS\SysWow64\SilverEfexPro2FC32.dll
[2012/09/16 13:37:42 | 000,000,320 | -H-- | C] () -- C:\WINDOWS\€nlsPreferences.dat
[2012/09/11 14:18:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012/09/10 13:45:05 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSPR260.ini
[2012/09/04 19:17:56 | 000,326,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ColorEfexPro4FC32.dll
[2012/09/04 12:00:40 | 002,510,464 | ---- | C] () -- C:\WINDOWS\PE_Rom.dll
[2012/08/13 14:28:54 | 000,108,777 | ---- | C] () -- C:\ProgramData\1344893305.bdinstall.bin
[2012/08/13 14:20:03 | 000,364,341 | ---- | C] () -- C:\ProgramData\1344892342.bdinstall.bin
[2012/08/01 22:52:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012/07/21 23:34:00 | 000,000,132 | ---- | C] () -- C:\Users\RITTERBY\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/07/17 20:24:08 | 000,002,437 | ---- | C] () -- C:\WINDOWS\Tablet10000x6583.ini
[2012/07/09 21:19:52 | 000,003,584 | ---- | C] () -- C:\WINDOWS\SysWow64\HDREfexPro2FC32.dll
[2012/07/08 22:18:57 | 000,073,220 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPrinterDB.dat
[2012/07/08 22:18:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern131.dat
[2012/07/08 22:18:57 | 000,029,114 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern1.dat
[2012/07/08 22:18:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern121.dat
[2012/07/08 22:18:57 | 000,021,021 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern3.dat
[2012/07/08 22:18:57 | 000,015,670 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern5.dat
[2012/07/08 22:18:57 | 000,013,280 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern2.dat
[2012/07/08 22:18:57 | 000,010,673 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern4.dat
[2012/07/08 22:18:57 | 000,004,943 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern6.dat
[2012/07/08 22:18:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_PT.dat
[2012/07/08 22:18:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_BP.dat
[2012/07/08 22:18:57 | 000,001,137 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_ES.dat
[2012/07/08 22:18:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_FR.dat
[2012/07/08 22:18:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_CF.dat
[2012/07/08 22:18:57 | 000,001,104 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_EN.dat
[2012/07/08 22:18:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\SysWow64\PICSDK.ini
[2012/07/08 22:17:48 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX595.ini
[2012/07/08 21:49:34 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\SysWow64\f9t.dat
[2012/07/07 10:53:32 | 000,481,832 | ---- | C] () -- C:\ProgramData\1341683489.bdinstall.bin
[2012/07/05 11:06:54 | 000,015,232 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2012/07/05 11:06:33 | 000,011,832 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
[2012/07/05 10:57:24 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012/07/05 10:57:15 | 000,027,769 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/05/09 13:17:28 | 000,002,048 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-18\$8032e41b85612782079b8eca8584d680\@
[2013/05/09 13:17:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$8032e41b85612782079b8eca8584d680\L
[2013/05/09 13:17:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$8032e41b85612782079b8eca8584d680\U

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3155505729-549796363-3381092046-1000\$8032e41b85612782079b8eca8584d680\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$8032e41b85612782079b8eca8584d680\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/26 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\.minecraft
[2012/08/01 22:35:31 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Alien Skin
[2012/11/12 00:36:37 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Bitdefender
[2012/07/09 01:05:25 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/08 23:06:03 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\com.adobe.WidgetBrowser
[2013/06/24 11:59:16 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Dropbox
[2013/01/30 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\eCraftShop Pro
[2013/03/10 08:15:11 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Epson
[2012/10/12 13:20:36 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Extensis
[2013/01/20 08:23:03 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Flash Video Capture Data
[2013/02/17 15:19:25 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\ImgBurn
[2012/07/08 22:27:22 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Leadertech
[2013/05/09 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\mjusbsp
[2012/10/21 19:19:17 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Nik Software
[2013/04/06 18:27:22 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\OpenOffice.org
[2012/07/07 10:51:33 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\QuickScan
[2012/07/07 10:48:59 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/20 16:54:11 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Stamps.com Internet Postage
[2013/04/13 06:56:09 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\TuneUp Software
[2012/07/07 11:30:58 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< Logfile of Trend Micro HijackThis v2.0.4 >
[2012/07/26 00:22:10 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/10/04 09:44:17 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/11/19 09:12:40 | 000,000,922 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012/11/19 09:12:40 | 000,000,926 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

< Scan saved at 2:22:26 PM, on 6/24/2013 >

< Platform: Unknown Windows (WinNT 6.02.1008) >

< MSIE: Internet Explorer v10.0 (10.00.9200.16537) >

< Boot mode: Normal >

< >

< Running processes: >

< C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\Dropbox.exe >
[2013/05/24 17:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\Dropbox.exe

< C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe >
[2013/01/14 16:12:18 | 001,065,480 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

< C:\Program Files (x86)\Windows Live\Mail\wlmail.exe >
[2012/03/08 19:28:52 | 000,092,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

< C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe >
[2012/03/08 17:44:02 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

< C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe >
[2012/09/20 07:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

< C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe >
[2013/03/12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

< C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE >
[2013/02/21 04:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< C:\Users\RITTERBY\Desktop\HiJackThis.exe >
[2013/06/24 14:20:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\RITTERBY\Desktop\HiJackThis.exe

< >

< R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 >
Invalid Switch: ?LinkId=54896

< R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ >
Invalid Switch:

< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 >
Invalid Switch: ?LinkId=54896

< R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank >

< R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = >

< R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = >

< R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm >

< R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local >

< R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = >

< R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) >

< F2 - REG:system.ini: UserInit=userinit.exe, >

< O2 - BHO: HelloWorldBHO - {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} - C:\Program Files (x86)\OApps\SelectionLinks.dll >

< O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll >

< O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll >

< O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll >

< O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll >

< O2 - BHO: Science BHO - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll >

< O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll >

< O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll >

< O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin >

< O4 - HKLM\..\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" >

< O4 - HKLM\..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe >

< O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe >

< O4 - HKLM\..\Run: [WTClient] WTClient.exe >

< O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe >

< O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" >

< O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" >

< O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" >

< O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" >

< O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe >

< O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" >

< O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime >

< O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" >

< O4 - HKCU\..\Run: [cdloader] "C:\Users\RITTERBY\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK >

< O4 - Startup: Dropbox.lnk = RITTERBY\AppData\Roaming\Dropbox\bin\Dropbox.exe >

< O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe >

< O4 - Global Startup: Bloggie Watcher Utility.lnk = C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe >

< O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html >
Invalid Switch: AcroIEAppendSelLinks.html

< O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html >
Invalid Switch: AcroIEAppend.html

< O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html >
Invalid Switch: AcroIECaptureSelLinks.html

< O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html >
Invalid Switch: AcroIECapture.html

< O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll >

< O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) >

< O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) >

< O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics >

< O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.app...ex/qtplugin.cab >
Invalid Switch: qtplugin.cab

< O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....k_sys_ctrl3.cab >
Invalid Switch: asusTek_sys_ctrl3.cab

< O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...ols/pcmatic.cab >
Invalid Switch: pcmatic.cab

< O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe >

< O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) >

< O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe >

< O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe >

< O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) >

< O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe >

< O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) >

< O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe >

< O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe >

< O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) >

< O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe >

< O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe >

< O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) >

< O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) >

< O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) >

< O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe >

< O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) >

< O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) >

< O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) >

< O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) >

< O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) >

< O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe >

< O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe >

< O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe >

< O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) >

< O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe >

< O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) >

< O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) >

< O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) >

< O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe >

< O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) >

< O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) >

< O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) >

< >

< -- >

< End of file - 11072 bytes >

< End of report >

#2 ----------------

Posted 25 June 2013 - 11:57 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Proud Member of UNITE & TB
 

#3 ROOFIE(MTL)

Posted 26 June 2013 - 01:45 AM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-26 00:36:07
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 OCZ-VERT rev.2.22 111.79GB
Running: h16d537c.exe; Driver: C:\Users\RITTERBY\AppData\Local\Temp\uftcikow.sys


---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [648:3848] fffff960008e05e8
Thread [4216:4224] 0000000180009a60
Thread [4216:4228] 000007ffc3b39420
Thread [4216:4232] 000007ffc7b8da50
Thread [4216:4236] 000007ffc38d31c0
Thread [4216:4240] 000007ffb80b67e0
Thread [4216:4244] 00000001800045d0
Thread [4216:4248] 00000001800045d0
Thread [4216:4252] 0000000180005d50
Thread [4216:4256] 00000000035dc7c0
Thread [4216:4260] 00000000035dc7d0
Thread [4216:4264] 00000000035dc7d0
Thread [4216:4268] 00000000035dc7d0
Thread [4216:4272] 00000000035dc7d0
Thread [4216:4276] 00000000035dc810
Thread [4216:4280] 000007ffb05f1c80
Thread [4216:4292] 000007ffc70423a8
Thread [4216:4300] 000007ffb0653b20
Thread [4216:4740] 000007ffc3569af0
Thread [4216:4312] 000007ffc3be3110
Thread [4216:8012] 000007ffc7b8da50
Thread [4216:968] 000007ffc7b8da50

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1613628643

---- EOF - GMER 2.1 ----

#4 ----------------

Posted 26 June 2013 - 12:18 PM

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.
Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
Proud Member of UNITE & TB
 

#5 ROOFIE(MTL)

Posted 27 June 2013 - 01:16 AM

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.26.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
RITTERBY :: RITTERBY-PC [administrator]

6/26/2013 9:45:06 PM
mbar-log-2013-06-26 (21-45-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 282848
Time elapsed: 49 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3155505729-549796363-3381092046-1000\$8032e41b85612782079b8eca8584d680\n. -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$8032e41b85612782079b8eca8584d680\n.) Good: (fastprox.dll) -> No action taken.

Folders Detected: 6
c:\$Recycle.Bin\S-1-5-18\$8032e41b85612782079b8eca8584d680\U (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-3155505729-549796363-3381092046-1000\$8032e41b85612782079b8eca8584d680\U (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-18\$8032e41b85612782079b8eca8584d680\L (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-3155505729-549796363-3381092046-1000\$8032e41b85612782079b8eca8584d680\L (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-18\$8032e41b85612782079b8eca8584d680 (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-3155505729-549796363-3381092046-1000\$8032e41b85612782079b8eca8584d680 (Trojan.Siredef.C) -> No action taken.

Files Detected: 2
c:\$Recycle.Bin\S-1-5-18\$8032e41b85612782079b8eca8584d680\@ (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-3155505729-549796363-3381092046-1000\$8032e41b85612782079b8eca8584d680\@ (Trojan.Siredef.C) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
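
The InProcServer32 entries that the OTL "ZeroAccess Check" section in post #1 lists, and that the Malwarebytes Anti-Rootkit log above reports as "Bad"/"Good", can be triaged with a short script. This is an added example, not part of the thread or of either tool: the sample lines are copied from the OTL log in post #1, while the function names and the rule names (`recycle_bin`, `per_user`, `view_mismatch`) are assumptions of this sketch and the rules are heuristics.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the "ZeroAccess Check" section of the OTL log in post #1.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3155505729-549796363-3381092046-1000\$8032e41b85612782079b8eca8584d680\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$8032e41b85612782079b8eca8584d680\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

# "[<hive>\...\clsid\{GUID}\InProcServer32]" with an optional "/64" view marker.
KEY_RE = re.compile(
    r'^\[(HKEY_[A-Z_]+)\\.*\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]\s*(/64)?\s*$',
    re.I)
# '"name" = data'; the default value has an empty name.
VAL_RE = re.compile(r'^"(.*?)"\s*=\s*(.*)$')


@dataclass
class Entry:
    hive: str
    clsid: str
    view: str                                  # "64" or "32"
    values: dict = field(default_factory=dict)

    @property
    def server(self):
        """Default ("") value with OTL's trailing file metadata stripped."""
        raw = self.values.get("")
        return raw.split(" -- [", 1)[0].strip() if raw else None


def parse(text):
    """Collect InProcServer32 keys and the values listed under each one."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            view = "64" if key.group(3) else "32"
            cur = Entry(key.group(1).upper(), key.group(2).lower(), view)
            entries.append(cur)
            continue
        val = VAL_RE.match(line)
        if val and cur is not None:
            cur.values[val.group(1)] = val.group(2)
        elif line.startswith("["):             # file listing or unrelated key
            cur = None
    return entries


def findings(entries):
    """Return (hive, clsid, view, rule) tuples for entries worth a closer look."""
    out, by_class = [], {}
    for e in entries:
        srv = e.server
        if not srv:                            # key exists but has no server set
            continue
        by_class.setdefault((e.hive, e.clsid), {})[e.view] = srv
        # A COM server DLL has no business living in the Recycle Bin.
        if "\\$recycle.bin\\" in srv.lower():
            out.append((e.hive, e.clsid, e.view, "recycle_bin"))
        # Per-user class registrations take precedence over HKLM in the
        # merged HKEY_CLASSES_ROOT view, so a populated one deserves review.
        if e.hive == "HKEY_CURRENT_USER":
            out.append((e.hive, e.clsid, e.view, "per_user"))
    # The 64-bit and Wow6432Node views of one class should name the same file.
    for (hive, clsid), views in by_class.items():
        if len(views) == 2:
            names = {p.lower().rsplit("\\", 1)[-1] for p in views.values()}
            if len(names) > 1:
                out.append((hive, clsid, "64+32", "view_mismatch"))
    return out


if __name__ == "__main__":
    for hive, clsid, view, rule in findings(parse(SAMPLE)):
        print(f"{rule:14} {view:5} {hive}\\...\\{clsid}")
```
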

#6 ----------------

Posted 27 June 2013 - 12:31 PM

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot. When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary. Send the mbar-log.txt along with an update on machine behavior.
Proud Member of UNITE & TB
 

#7 ROOFIE(MTL)

Posted 29 June 2013 - 12:27 AM

Here is the log:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.28.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
RITTERBY :: RITTERBY-PC [administrator]

6/28/2013 6:34:06 AM
mbar-log-2013-06-28 (06-34-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 282240
Time elapsed: 47 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

After running the program twice, our computer is still redirecting my home page from MSN.com to t.msn.com, and I receive the same pop-ups from before about Java being out of date, and that sends me a new pop-up that looks legit but probably is not. Here is that one's address.

http://8.29.133.134/.....assthru=com/i

Still not running good.

Edited by ROOFIE(MTL), 29 June 2013 - 12:34 AM.


#8 ----------------

Posted 30 June 2013 - 11:45 AM

I know but we had to take out the rootkit first. Please run OTL and hit the scan button. Attach the logfile to your reply.
Proud Member of UNITE & TB
 

#9 ROOFIE(MTL)

Posted 30 June 2013 - 05:55 PM

Here is the new OTL file.

Thanks again.

OTL logfile created on: 6/30/2013 11:07:26 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RITTERBY\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 5.31 Gb Available Physical Memory | 66.70% Memory free
9.15 Gb Paging File | 6.42 Gb Available in Paging File | 70.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 28.42 Gb Free Space | 25.44% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 143.23 Gb Free Space | 96.10% Space Free | Partition Type: NTFS

Computer Name: RITTERBY-PC | User Name: RITTERBY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\RITTERBY\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\Drivers\WTSrv.exe (Tablet Driver)
SRV:64bit: - (nlsInterface) -- C:\Windows\SysNative\nlsInterface.exe (Nalpeiron Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (trufos) -- C:\Windows\SysNative\Drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\Drivers\avc3.sys (BitDefender)
DRV:64bit: - (BdfNdisf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\Drivers\avckf.sys (BitDefender)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (gzflt) -- C:\Windows\SysNative\Drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\Drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\Drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\Drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (bdelam) -- C:\Windows\SysNative\Drivers\bdelam.sys (Bitdefender)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\Drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\Drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\Drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\Drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\Drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\Drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\Drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\Drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\Drivers\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\Drivers\TClass2k.sys (Tablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\Drivers\PTSimHid.sys (PenTablet Driver)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C D3 A6 A3 F8 6E CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C73CBA0A-EC66-4EC8-AB16-5E5134D06F51}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE10SR
IE - HKCU\..\SearchScopes\{C73CBA0A-EC66-4EC8-AB16-5E5134D06F51}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RITTERBY\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012/11/12 00:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/27 15:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/19 14:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/09 17:05:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012/11/12 00:36:46 | 000,000,000 | ---D | M]

[2012/07/08 23:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RITTERBY\AppData\Roaming\mozilla\Extensions
[2013/06/26 00:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RITTERBY\AppData\Roaming\mozilla\Firefox\Profiles\kh6rjam7.xp\extensions
[2013/05/09 01:54:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\RITTERBY\AppData\Roaming\mozilla\firefox\profiles\kh6rjam7.xp\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/19 14:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/19 14:41:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DYMO Label Framework (Enabled) = C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\RITTERBY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\RITTERBY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\RITTERBY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\RITTERBY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/09 00:41:46 | 000,001,028 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O2:64bit: - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll (Save Valet)
O2 - BHO: (SelectionLinksBHO Class) - {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll (Save Valet)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DLSService] C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [cdloader] C:\Users\RITTERBY\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - Startup: C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RITTERBY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2025ECCC-AF17-4010-8D13-82CCA88A33B3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/30 10:22:27 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{9229BA29-7561-41F6-B1AA-7C6F6B17E900}
[2013/06/29 22:22:22 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{2E1FAB8E-333C-4331-9EDA-B9BCA196BD5D}
[2013/06/29 10:22:16 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{D06C17C7-C5F5-4C59-91C7-B4B8AF83CDEC}
[2013/06/28 22:22:10 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{B2BE81C7-873A-4FED-8CAC-5E99901A6197}
[2013/06/28 10:22:04 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{AA1A5EE7-CAC7-4D23-8563-9FAF330930C8}
[2013/06/27 23:55:05 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\Desktop\New folder (2)
[2013/06/27 22:21:46 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{980792B2-9C98-4D2C-BC0B-83558547D593}
[2013/06/27 10:21:41 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{C1275EFB-EFF8-47F0-AA4C-BAF98E7421C4}
[2013/06/26 22:21:23 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{1D572812-A04B-42EC-9FEF-3B735F112A1B}
[2013/06/26 21:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/26 21:39:13 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\Desktop\New folder
[2013/06/26 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{1678AE66-0B08-4D87-9D14-F15C3A64C575}
[2013/06/25 22:21:05 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{05C76734-7A3D-43C0-9792-C6E568D3BA4F}
[2013/06/25 10:20:59 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{400E873D-4108-4C37-B2AB-1B3B1A2D3477}
[2013/06/24 22:20:53 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{96E58C85-1F95-4928-B84A-30C75F87B596}
[2013/06/24 14:35:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RITTERBY\Desktop\OTL.exe
[2013/06/24 14:20:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\RITTERBY\Desktop\HiJackThis.exe
[2013/06/24 10:20:47 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{FE22222D-C77F-4E4D-8D22-19B13F3420F3}
[2013/06/23 22:20:41 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{BCE3C186-DF97-4846-A67E-CA105345B8EE}
[2013/06/23 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{FB21F4CD-DF34-4907-B452-B758DA9C1747}
[2013/06/22 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{95B95D4D-DBCA-4E34-A3F6-B303624B66A6}
[2013/06/22 10:20:14 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{376ECD19-302C-4F98-BDD3-6B7BBE5C06C2}
[2013/06/22 09:59:16 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\Programs
[2013/06/21 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{C141E13A-5851-44AC-ADB3-8843941DA14B}
[2013/06/21 10:20:03 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{F11F2DED-FC7C-456A-9837-A130E09984FA}
[2013/06/20 22:19:45 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{A3063381-8C1A-48D0-B93B-C8480EE15A00}
[2013/06/20 10:19:39 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{C150BDEE-06FC-4614-9CF5-27F5783A0702}
[2013/06/20 00:10:43 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/06/19 14:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveValet
[2013/06/19 14:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/06/19 14:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps
[2013/06/19 14:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/06/19 11:09:38 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{BFB038C1-A25A-4B59-A344-A1876658FF81}
[2013/06/18 23:05:15 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{7EEE0CD3-D2AD-42A0-B60B-D7225153EDAC}
[2013/06/18 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{53DEB9F9-42B3-46DF-A074-3AF38D1ECAC1}
[2013/06/17 23:05:47 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{8419D6D6-E6B8-47BC-829B-9B72BAA5275C}
[2013/06/17 11:05:42 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{69C788DE-7C11-4812-B392-1FB398074879}
[2013/06/16 23:05:36 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{C9285C59-A46A-42E4-A5B5-F33CFDB2422C}
[2013/06/16 11:05:30 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{32947787-F252-4DC2-8A52-61FB68B2AEE6}
[2013/06/15 23:05:24 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{6116882F-02C9-4AB9-B4B5-B8EC73FAFF39}
[2013/06/15 16:27:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tssdisai.dll
[2013/06/15 11:05:06 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{A8085A16-B51D-48F3-85A6-7E5CBB318282}
[2013/06/14 23:05:01 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{5DA4C0A8-583C-4E59-A7E9-C016FCC2E78C}
[2013/06/14 18:25:26 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2013/06/14 17:16:56 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2013/06/14 15:55:22 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\autochk.exe
[2013/06/14 15:55:22 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\untfs.dll
[2013/06/14 15:55:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\untfs.dll
[2013/06/14 15:55:21 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\autochk.exe
[2013/06/14 14:47:22 | 013,644,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013/06/14 14:47:21 | 010,788,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013/06/14 14:47:20 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/06/14 14:47:20 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013/06/14 14:47:19 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netprofmsvc.dll
[2013/06/14 14:47:18 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/06/14 14:47:18 | 002,305,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013/06/14 14:47:18 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013/06/14 14:47:18 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gpprefcl.dll
[2013/06/14 14:47:18 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2013/06/14 14:47:18 | 000,446,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2013/06/14 14:47:18 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysWow64\rars.rs
[2013/06/14 14:47:18 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysNative\rars.rs
[2013/06/14 14:47:17 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
[2013/06/14 14:47:17 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013/06/14 14:47:17 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2013/06/14 14:47:17 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2013/06/14 14:47:17 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairing.dll
[2013/06/14 14:47:17 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\intl.cpl
[2013/06/14 14:47:17 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BCP47Langs.dll
[2013/06/14 14:47:17 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stobject.dll
[2013/06/14 14:47:17 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2013/06/14 14:47:17 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013/06/14 14:47:17 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ubpm.dll
[2013/06/14 14:47:17 | 000,213,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UCX01000.SYS
[2013/06/14 14:47:17 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netplwiz.dll
[2013/06/14 14:47:17 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netplwiz.dll
[2013/06/14 14:47:17 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2013/06/14 14:47:17 | 000,058,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2013/06/14 14:47:16 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013/06/14 14:47:16 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
[2013/06/14 14:47:16 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gpprefcl.dll
[2013/06/14 14:47:16 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2013/06/14 14:47:16 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2013/06/14 14:47:16 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\intl.cpl
[2013/06/14 14:47:16 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BCP47Langs.dll
[2013/06/14 14:47:16 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013/06/14 14:47:16 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2013/06/14 14:47:16 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2013/06/14 14:47:16 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2013/06/14 14:47:16 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2013/06/14 14:47:16 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\biwinrt.dll
[2013/06/14 14:47:16 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthHost.exe
[2013/06/14 14:47:16 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2013/06/14 14:47:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\biwinrt.dll
[2013/06/14 14:47:16 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2013/06/14 14:47:16 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2013/06/14 14:47:15 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2013/06/14 14:47:15 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2013/06/14 14:47:15 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\muifontsetup.dll
[2013/06/14 14:47:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\muifontsetup.dll
[2013/06/14 11:04:55 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{407A1131-8859-449D-9FF8-105512842511}
[2013/06/13 23:04:49 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{E4AC9785-3238-4190-BE65-91914426E8D6}
[2013/06/13 11:04:43 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{F03E558D-BB83-4C5B-825C-FC2EA9946FDA}
[2013/06/12 23:04:37 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{57BFC160-CEFC-444A-B315-CA63EE3CD1C7}
[2013/06/12 12:13:46 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2013/06/12 12:13:46 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certutil.exe
[2013/06/12 12:13:46 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certutil.exe
[2013/06/12 12:13:46 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptnet.dll
[2013/06/12 11:52:38 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2013/06/12 11:30:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptdlg.dll
[2013/06/12 11:30:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptdlg.dll
[2013/06/12 11:04:31 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{33EB649F-1423-444D-BD8A-8C97783F4947}
[2013/06/12 10:52:18 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/06/12 10:52:16 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013/06/12 10:52:16 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013/06/12 10:52:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013/06/12 10:52:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013/06/12 10:52:16 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UXInit.dll
[2013/06/12 10:52:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/06/12 10:52:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UXInit.dll
[2013/06/11 23:04:26 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{D53C96B4-0532-4CAB-A4B8-2F725F931C05}
[2013/06/11 11:04:20 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{8A139C0F-EC5E-4D9E-BC1D-83602D8F3F70}
[2013/06/10 23:04:14 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{966D3950-C4F4-41FB-B350-51BB959A76B5}
[2013/06/10 17:19:08 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\Desktop\Brave
[2013/06/10 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{7F7BC70C-03BF-489A-951B-78FEDE397050}
[2013/06/09 23:03:50 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{8BD76B90-D385-48EA-AAC7-06FCD5F94D62}
[2013/06/09 11:03:44 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{429E8538-D223-4A02-8762-297C9D67F0BA}
[2013/06/08 23:03:38 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{6766FA93-29A5-45FC-8675-156C17E90874}
[2013/06/08 11:03:21 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{E1F1DFD0-4CFC-4239-8BD5-6642F7D2AB8F}
[2013/06/07 23:03:15 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{2E2F0CC9-8892-493A-8A32-9B2DC1DEF0AC}
[2013/06/07 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{D2E1FE4B-837A-4FCD-9255-E45E343DDEC2}
[2013/06/06 23:03:03 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{CB572939-A135-4613-B7DC-A0F371F9D7E1}
[2013/06/06 11:02:57 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{9F62446F-AD3A-4882-90D6-7CDC330E2EFB}
[2013/06/05 23:02:52 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{65A719A3-F70F-4A6E-91B6-07A593607290}
[2013/06/05 11:02:34 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{EF6D9AC7-091C-4BDE-B7AB-DC2FEDF1F00E}
[2013/06/04 23:02:28 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{0CE932BB-B993-4AEC-8889-F81218068DB0}
[2013/06/04 11:02:22 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{5417381D-0443-496F-B859-FF7F991F167C}
[2013/06/03 23:02:16 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{218C773E-72AB-4A46-85F6-93F639C734C9}
[2013/06/03 11:02:10 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{3397CE4C-8AD6-4FCB-966E-A55A54371EB6}
[2013/06/02 23:02:05 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{5B94A5F8-E404-48DB-B933-F93A9043D4A4}
[2013/06/02 11:01:59 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{1BF2BF6B-1999-4A30-8385-807A9F02C62C}
[2013/06/01 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{3403434F-13E5-4231-9400-B1F703892C87}
[2013/06/01 11:01:47 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{E8455A15-7CBC-45D6-A213-E0DA5464CB8D}
[2013/05/31 23:01:41 | 000,000,000 | ---D | C] -- C:\Users\RITTERBY\AppData\Local\{FB9AD3C1-3FB7-4807-A86F-D4E8DF0DE223}
[2013/05/06 04:22:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\8blor.dat

========== Files - Modified Within 30 Days ==========

[2013/06/30 10:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/30 10:28:05 | 000,001,116 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Cheesy Baked Dip.rtf
[2013/06/30 10:27:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 06:11:50 | 000,000,408 | ---- | M] () -- C:\WINDOWS\SysWow64\tversity.cookies
[2013/06/30 02:27:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/28 21:49:53 | 000,848,230 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/06/28 21:49:53 | 000,718,176 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/06/28 21:49:53 | 000,132,542 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/06/28 06:27:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/28 06:25:29 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/06/26 00:25:12 | 000,377,856 | ---- | M] () -- C:\Users\RITTERBY\Desktop\h16d537c.exe
[2013/06/24 14:35:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RITTERBY\Desktop\OTL.exe
[2013/06/24 14:20:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\RITTERBY\Desktop\HiJackThis.exe
[2013/06/22 09:59:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/21 10:36:27 | 000,242,995 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Guildcraft Summer pinwheel.pdf
[2013/06/20 10:45:56 | 000,010,709 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Thick and Creamy Broccoli Cheddar Soup.rtf
[2013/06/19 14:30:03 | 000,000,000 | ---- | M] () -- C:\end
[2013/06/19 11:08:04 | 007,090,768 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/06/13 12:28:35 | 000,108,553 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Tablets.jpg
[2013/06/13 12:28:35 | 000,108,553 | ---- | M] () -- C:\Users\RITTERBY\Desktop\4824-c-sq.jpg
[2013/06/12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2013/06/12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2013/06/12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/06/12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/06/12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/06/12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/06/11 21:20:21 | 000,001,055 | ---- | M] () -- C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/08 18:26:49 | 000,003,240 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Do it Yourself.rtf
[2013/06/08 10:59:24 | 000,638,065 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Turtles_O.png
[2013/06/08 10:59:23 | 000,000,132 | ---- | M] () -- C:\Users\RITTERBY\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/06/08 10:57:11 | 001,017,289 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Turtles.png
[2013/06/07 00:30:47 | 001,040,322 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Sofia.png
[2013/06/07 00:21:11 | 000,937,182 | ---- | M] () -- C:\Users\RITTERBY\Desktop\OneDirection.png
[2013/06/07 00:20:33 | 000,730,199 | ---- | M] () -- C:\Users\RITTERBY\Desktop\OneDirection_O.png
[2013/06/06 17:29:36 | 000,531,949 | ---- | M] () -- C:\Users\RITTERBY\Desktop\NinjagoZX_O.png
[2013/06/06 17:28:12 | 000,969,543 | ---- | M] () -- C:\Users\RITTERBY\Desktop\NinjagoZX.png
[2013/06/06 17:25:14 | 000,527,492 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Ninjago_O.png
[2013/06/06 17:21:52 | 000,960,237 | ---- | M] () -- C:\Users\RITTERBY\Desktop\Ninjago.png
[2013/06/06 17:16:51 | 000,710,621 | ---- | M] () -- C:\Users\RITTERBY\Desktop\MonsterHigh_O.png
[2013/06/06 16:59:46 | 000,981,794 | ---- | M] () -- C:\Users\RITTERBY\Desktop\MonsterHigh.png
[2013/06/05 13:05:21 | 000,382,536 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\SysNative\drivers\trufos.sys
[2013/06/04 15:09:22 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013/06/04 15:09:22 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/02 01:28:49 | 000,208,014 | ---- | M] () -- C:\Users\RITTERBY\Desktop\vmf-font_anha-queen-vmf.zip
[2013/06/02 01:27:34 | 000,043,873 | ---- | M] () -- C:\Users\RITTERBY\Desktop\b09d0b6c0b024ed4bc79f1e43a24eb44.jpg
[2013/06/02 01:21:18 | 000,104,447 | ---- | M] () -- C:\Users\RITTERBY\Desktop\aldus_royal.zip
[2013/06/02 01:18:48 | 000,157,193 | ---- | M] () -- C:\Users\RITTERBY\Desktop\dexsar-harry-anugrah_dhf-milestone-script-demo.zip
[2013/06/02 01:17:53 | 000,479,361 | ---- | M] () -- C:\Users\RITTERBY\Desktop\0d1beede37c14accb9a047cda0ea99b8.png
[2013/06/02 01:16:53 | 001,490,298 | ---- | M] () -- C:\Users\RITTERBY\Desktop\khryskreations_kbastitchintime.zip
[2013/06/02 01:15:22 | 000,623,930 | ---- | M] () -- C:\Users\RITTERBY\Desktop\kc-fonts_urban-jungle.zip
[2013/06/02 01:13:31 | 000,302,526 | ---- | M] () -- C:\Users\RITTERBY\Desktop\müns-grebäck_ventography-personal-use-only.zip

========== Files Created - No Company Name ==========

[2013/06/30 10:28:05 | 000,001,116 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Cheesy Baked Dip.rtf
[2013/06/26 00:25:12 | 000,377,856 | ---- | C] () -- C:\Users\RITTERBY\Desktop\h16d537c.exe
[2013/06/22 09:59:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/21 10:36:27 | 000,242,995 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Guildcraft Summer pinwheel.pdf
[2013/06/19 14:29:59 | 000,000,000 | ---- | C] () -- C:\end
[2013/06/19 11:08:01 | 007,090,768 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/06/14 14:47:15 | 000,386,646 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/06/13 12:29:15 | 000,108,553 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Tablets.jpg
[2013/06/13 12:28:53 | 000,108,553 | ---- | C] () -- C:\Users\RITTERBY\Desktop\4824-c-sq.jpg
[2013/06/10 10:24:18 | 000,010,709 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Thick and Creamy Broccoli Cheddar Soup.rtf
[2013/06/08 18:26:49 | 000,003,240 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Do it Yourself.rtf
[2013/06/08 10:59:20 | 000,638,065 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Turtles_O.png
[2013/06/08 10:57:09 | 001,017,289 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Turtles.png
[2013/06/07 00:30:44 | 001,040,322 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Sofia.png
[2013/06/07 00:21:09 | 000,937,182 | ---- | C] () -- C:\Users\RITTERBY\Desktop\OneDirection.png
[2013/06/07 00:20:30 | 000,730,199 | ---- | C] () -- C:\Users\RITTERBY\Desktop\OneDirection_O.png
[2013/06/06 17:29:34 | 000,531,949 | ---- | C] () -- C:\Users\RITTERBY\Desktop\NinjagoZX_O.png
[2013/06/06 17:28:09 | 000,969,543 | ---- | C] () -- C:\Users\RITTERBY\Desktop\NinjagoZX.png
[2013/06/06 17:25:12 | 000,527,492 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Ninjago_O.png
[2013/06/06 17:21:49 | 000,960,237 | ---- | C] () -- C:\Users\RITTERBY\Desktop\Ninjago.png
[2013/06/06 17:16:48 | 000,710,621 | ---- | C] () -- C:\Users\RITTERBY\Desktop\MonsterHigh_O.png
[2013/06/06 16:59:35 | 000,981,794 | ---- | C] () -- C:\Users\RITTERBY\Desktop\MonsterHigh.png
[2013/06/02 01:28:56 | 000,043,873 | ---- | C] () -- C:\Users\RITTERBY\Desktop\b09d0b6c0b024ed4bc79f1e43a24eb44.jpg
[2013/06/02 01:28:49 | 000,208,014 | ---- | C] () -- C:\Users\RITTERBY\Desktop\vmf-font_anha-queen-vmf.zip
[2013/06/02 01:21:18 | 000,104,447 | ---- | C] () -- C:\Users\RITTERBY\Desktop\aldus_royal.zip
[2013/06/02 01:18:48 | 000,157,193 | ---- | C] () -- C:\Users\RITTERBY\Desktop\dexsar-harry-anugrah_dhf-milestone-script-demo.zip
[2013/06/02 01:18:34 | 000,479,361 | ---- | C] () -- C:\Users\RITTERBY\Desktop\0d1beede37c14accb9a047cda0ea99b8.png
[2013/06/02 01:16:53 | 001,490,298 | ---- | C] () -- C:\Users\RITTERBY\Desktop\khryskreations_kbastitchintime.zip
[2013/06/02 01:15:21 | 000,623,930 | ---- | C] () -- C:\Users\RITTERBY\Desktop\kc-fonts_urban-jungle.zip
[2013/06/02 01:13:31 | 000,302,526 | ---- | C] () -- C:\Users\RITTERBY\Desktop\müns-grebäck_ventography-personal-use-only.zip
[2013/05/06 04:22:50 | 095,023,320 | ---- | C] () -- C:\ProgramData\23lldnur.pad
[2013/05/06 04:15:19 | 000,000,151 | ---- | C] () -- C:\ProgramData\lot84.reg
[2013/05/06 04:15:19 | 000,000,055 | ---- | C] () -- C:\ProgramData\lot84.bat
[2013/05/06 04:15:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\lot84.pad
[2013/05/06 04:15:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\ej3gq.pad
[2013/01/02 22:23:17 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ENX330.ini
[2012/12/19 20:39:48 | 000,000,132 | ---- | C] () -- C:\Users\RITTERBY\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
[2012/12/10 22:14:04 | 000,003,584 | ---- | C] () -- C:\Users\RITTERBY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/12 00:37:27 | 000,481,294 | ---- | C] () -- C:\ProgramData\1352705226.bdinstall.bin
[2012/11/12 00:18:10 | 000,206,080 | ---- | C] () -- C:\ProgramData\1352704622.bdinstall.bin
[2012/11/11 12:09:48 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012/10/11 20:49:54 | 000,004,608 | ---- | C] () -- C:\WINDOWS\SysWow64\Viveza2FC64.dll
[2012/10/11 20:48:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\SysWow64\Viveza2FC32.dll
[2012/10/11 12:35:35 | 000,003,584 | ---- | C] () -- C:\WINDOWS\SysWow64\SilverEfexPro2FC32.dll
[2012/09/16 13:37:42 | 000,000,320 | -H-- | C] () -- C:\WINDOWS\€nlsPreferences.dat
[2012/09/11 14:18:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012/09/10 13:45:05 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSPR260.ini
[2012/09/04 19:17:56 | 000,326,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ColorEfexPro4FC32.dll
[2012/09/04 12:00:40 | 002,510,464 | ---- | C] () -- C:\WINDOWS\PE_Rom.dll
[2012/08/13 14:28:54 | 000,108,777 | ---- | C] () -- C:\ProgramData\1344893305.bdinstall.bin
[2012/08/13 14:20:03 | 000,364,341 | ---- | C] () -- C:\ProgramData\1344892342.bdinstall.bin
[2012/08/01 22:52:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012/07/21 23:34:00 | 000,000,132 | ---- | C] () -- C:\Users\RITTERBY\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/07/17 20:24:08 | 000,002,437 | ---- | C] () -- C:\WINDOWS\Tablet10000x6583.ini
[2012/07/09 21:19:52 | 000,003,584 | ---- | C] () -- C:\WINDOWS\SysWow64\HDREfexPro2FC32.dll
[2012/07/08 22:18:57 | 000,073,220 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPrinterDB.dat
[2012/07/08 22:18:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern131.dat
[2012/07/08 22:18:57 | 000,029,114 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern1.dat
[2012/07/08 22:18:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern121.dat
[2012/07/08 22:18:57 | 000,021,021 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern3.dat
[2012/07/08 22:18:57 | 000,015,670 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern5.dat
[2012/07/08 22:18:57 | 000,013,280 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern2.dat
[2012/07/08 22:18:57 | 000,010,673 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern4.dat
[2012/07/08 22:18:57 | 000,004,943 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern6.dat
[2012/07/08 22:18:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_PT.dat
[2012/07/08 22:18:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_BP.dat
[2012/07/08 22:18:57 | 000,001,137 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_ES.dat
[2012/07/08 22:18:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_FR.dat
[2012/07/08 22:18:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_CF.dat
[2012/07/08 22:18:57 | 000,001,104 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_EN.dat
[2012/07/08 22:18:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\SysWow64\PICSDK.ini
[2012/07/08 22:17:48 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX595.ini
[2012/07/08 21:49:34 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\SysWow64\f9t.dat
[2012/07/07 10:53:32 | 000,481,832 | ---- | C] () -- C:\ProgramData\1341683489.bdinstall.bin
[2012/07/05 11:06:54 | 000,015,232 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2012/07/05 11:06:33 | 000,011,832 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
[2012/07/05 10:57:24 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012/07/05 10:57:15 | 000,027,769 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\Wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/26 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\.minecraft
[2012/08/01 22:35:31 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Alien Skin
[2012/11/12 00:36:37 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Bitdefender
[2012/07/09 01:05:25 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/08 23:06:03 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\com.adobe.WidgetBrowser
[2013/06/28 06:26:25 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Dropbox
[2013/01/30 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\eCraftShop Pro
[2013/03/10 08:15:11 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Epson
[2012/10/12 13:20:36 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Extensis
[2013/01/20 08:23:03 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Flash Video Capture Data
[2013/02/17 15:19:25 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\ImgBurn
[2012/07/08 22:27:22 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Leadertech
[2013/05/09 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\mjusbsp
[2012/10/21 19:19:17 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Nik Software
[2013/04/06 18:27:22 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\OpenOffice.org
[2012/07/07 10:51:33 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\QuickScan
[2012/07/07 10:48:59 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/20 16:54:11 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Stamps.com Internet Postage
[2013/04/13 06:56:09 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\TuneUp Software
[2012/07/07 11:30:58 | 000,000,000 | ---D | M] -- C:\Users\RITTERBY\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.0.LOCALSETTINGUNIT >
[2013/06/24 16:48:15 | 000,000,372 | -HS- | M] () MD5=5D391848FA3196FE4ABDAE3E476089F4 -- C:\Users\RITTERBY\AppData\Local\Microsoft\Windows\Live\Roaming\LocalCache\windows-explorer\Explorer.0.localsettingunit

< MD5 for: EXPLORER.ADML >
[2012/07/26 00:49:05 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2012/07/26 00:49:05 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7bca26f6f419a854\Explorer.adml
[2012/07/26 00:49:05 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_en-us_7bff382ef3f2006f\Explorer.adml
[2012/07/26 00:49:05 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_en-us_7c89d5440d0eb990\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2012/06/02 07:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2012/06/02 07:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16384_none_6e8451187a9a1607\Explorer.admx
[2012/06/02 07:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16420_none_6ec1315e7a6d062c\Explorer.admx
[2012/06/02 07:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16433_none_6eb962507a726e22\Explorer.admx
[2012/06/02 07:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20521_none_6f4bce739389bf4d\Explorer.admx
[2012/06/02 07:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20534_none_6f43ff65938f2743\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2013/06/20 02:56:39 | 000,145,657 | ---- | M] () MD5=3FBB1FA604CE4D9D3526D11ACFAF7DDC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/06/20 01:53:38 | 000,003,739 | ---- | M] () MD5=5249D1F59FCFE3E20E11A726A40CB4CB -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/06/20 01:53:36 | 000,188,441 | ---- | M] () MD5=557B5A6154515EC7A0A7A1E383925466 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012/10/10 22:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe
[2012/10/10 22:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/06/20 02:56:42 | 000,004,958 | ---- | M] () MD5=C40575A4EA953D5723D9AF602BDC47CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012/10/11 00:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe
[2012/10/11 00:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2012/07/26 00:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\en-US\explorer.exe.mui
[2012/07/26 00:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2012/07/26 00:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
[2012/07/26 00:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui

< MD5 for: EXPLORER.EXE-254441E9.PF >
[2013/06/25 10:02:32 | 000,049,838 | ---- | M] () MD5=215E5467B9FAC795A1E724DDEA2D141D -- C:\Windows\Prefetch\EXPLORER.EXE-254441E9.pf

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013/06/25 10:01:53 | 000,338,170 | ---- | M] () MD5=3E944F91E873145DE5F82CD18F52E22A -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.EXE >
[2013/06/20 02:57:06 | 000,005,075 | ---- | M] () MD5=0170D54727763244DF46FF1851A0F894 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16453_none_424f65b12083d79a\iexplore.exe
[2013/06/20 02:57:05 | 000,005,080 | ---- | M] () MD5=025B587AA818ABF68CBB43C6D4D87C8C -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_424e7c2f2084a4a2\iexplore.exe
[2013/06/20 02:57:08 | 000,004,525 | ---- | M] () MD5=110621BED30F86833AB0783C907DF6BA -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16519_none_42400bed209027f5\iexplore.exe
[2013/06/20 01:54:54 | 000,005,635 | ---- | M] () MD5=137882A83A57DE93163088225513AF0C -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_37f9d1dcec23e2a7\iexplore.exe
[2013/06/20 02:57:11 | 000,005,022 | ---- | M] () MD5=4F909D1FC1F456C7CC3F31D528C22414 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_2b75d8173a34538a\iexplore.exe
[2013/06/20 02:57:15 | 000,005,039 | ---- | M] () MD5=5388291261B38DC52ABD98ADF41A9E94 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20684_none_2b6f09533a38d4d7\iexplore.exe
[2013/06/20 01:54:56 | 000,006,244 | ---- | M] () MD5=5473399D247920265D4359BB198CD0DF -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16519_none_37eb619aec2f65fa\iexplore.exe
[2013/06/20 01:54:59 | 000,006,213 | ---- | M] () MD5=6065266209C2B874827E55470906E40C -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20589_none_2124bd0505d07710\iexplore.exe
[2013/02/21 05:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/02/21 05:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16540_none_37ef2f80ec2bcb56\iexplore.exe
[2013/02/21 05:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16580_none_37f330a8ec2830b2\iexplore.exe
[2013/02/21 05:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16599_none_37f363eaec2830b2\iexplore.exe
[2013/06/20 02:57:16 | 000,005,039 | ---- | M] () MD5=6B01115957AA1EAF500B2B6E6DAC99DF -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20703_none_2b5c4ddf3a480c6f\iexplore.exe
[2013/06/20 02:57:10 | 000,005,024 | ---- | M] () MD5=6CB921D75634E90916C9D5C1305FA746 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_2b74d7cd3a353a33\iexplore.exe
[2013/06/20 01:54:54 | 000,006,281 | ---- | M] () MD5=6D3026B8B0B099E065E7E503053A14B8 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_37f8bacaec24e2f1\iexplore.exe
[2013/06/20 02:57:15 | 000,005,039 | ---- | M] () MD5=743054264B72B593147B5319964A4E97 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20644_none_2b6b082b3a3c6f7b\iexplore.exe
[2013/06/20 01:54:55 | 000,005,561 | ---- | M] () MD5=83DF5C0B15817153B1BBCD4C90B4BC95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16484_none_37fda574ec207b45\iexplore.exe
[2013/06/20 02:57:12 | 000,005,692 | ---- | M] () MD5=893E3AB035EC43870722D0FDA0DDC46A -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20557_none_2b7694093a33b9c4\iexplore.exe
[2013/06/20 01:55:01 | 000,003,063 | ---- | M] () MD5=89B086DE861FEAA452FB31D55F53A38C -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20703_none_2107a38d05e74a74\iexplore.exe
[2013/06/20 02:57:04 | 000,006,706 | ---- | M] () MD5=8F5A7998AC2EB7762940AE3F615A6E1F -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_425d1fb32079214f\iexplore.exe
[2013/06/20 01:54:55 | 000,006,269 | ---- | M] () MD5=913CE1160B13013902F7957AFA387506 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16453_none_37fabb5eec23159f\iexplore.exe
[2013/06/20 01:54:58 | 000,006,271 | ---- | M] () MD5=AADE363367677C6E546F0C7107BFB13D -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20557_none_2121e9b705d2f7c9\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2013/06/20 02:57:07 | 000,005,677 | ---- | M] () MD5=B94015C380AF00741399868024E58508 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16484_none_42524fc720813d40\iexplore.exe
[2013/06/20 01:55:00 | 000,003,063 | ---- | M] () MD5=C71B3D164A36C697BEFE47D9DA041524 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20684_none_211a5f0105d812dc\iexplore.exe
[2013/06/20 02:57:05 | 000,005,019 | ---- | M] () MD5=CA87C674ACB27E9AB352E75BB9D8912F -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_424d651d2085a4ec\iexplore.exe
[2013/06/20 01:54:58 | 000,005,624 | ---- | M] () MD5=D425FD3577E82DE6F9F5DDA2413727DB -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_21212dc505d3918f\iexplore.exe
[2013/06/20 01:54:59 | 000,006,274 | ---- | M] () MD5=D8069A530C7BC9D4F7A7BC54F31E92A8 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20624_none_21145d4505dd7ad2\iexplore.exe
[2013/06/20 02:57:14 | 000,005,644 | ---- | M] () MD5=DD00C9EC064ACCB80794E48734500EE0 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20624_none_2b6907973a3e3ccd\iexplore.exe
[2013/06/20 01:54:57 | 000,006,230 | ---- | M] () MD5=E4A1A63EE0C59BBA8CFEE075DC7F3571 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_21202d7b05d47838\iexplore.exe
[2013/02/21 04:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/02/21 04:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16540_none_4243d9d3208c8d51\iexplore.exe
[2013/02/21 04:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16580_none_4247dafb2088f2ad\iexplore.exe
[2013/02/21 04:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16599_none_42480e3d2088f2ad\iexplore.exe
[2013/06/20 01:55:00 | 000,003,063 | ---- | M] () MD5=F32E8F1923FB92005FAB4CAB952F62A0 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20644_none_21165dd905dbad80\iexplore.exe
[2013/06/20 02:57:13 | 000,005,657 | ---- | M] () MD5=F3F5A82DE7E62A1AC4455AD349A46CF6 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20589_none_2b7967573a31390b\iexplore.exe
[2013/06/20 01:54:53 | 000,006,786 | ---- | M] () MD5=F683A9ADFA3F68974F8815101F171556 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_38087560ec185f54\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2012/07/26 00:49:06 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/26 00:49:06 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/26 00:49:06 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_31b50ad823c5a03b\iexplore.exe.mui
[2012/07/26 00:49:06 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_3c09b52a58266236\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-4B6C9215.PF >
[2013/06/30 11:04:19 | 000,312,310 | ---- | M] () MD5=83AF44D902AA0EFC6F7C50CC4EADC75E -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9215.pf

< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2013/06/30 11:04:10 | 000,098,992 | ---- | M] () MD5=095254E51A1A7F1849C1F7603AA9F2AC -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

< MD5 for: SERVICES >
[2012/07/25 22:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services

< MD5 for: SERVICES.AIP >
[2012/11/21 01:09:36 | 000,476,824 | ---- | M] (Adobe Systems Incorporated) MD5=456C45B1A2ECE8814987C4A4EA786413 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.ASFX >
[2013/05/10 00:57:50 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
[2013/05/10 00:57:52 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2013/05/10 00:57:48 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
[2010/10/25 15:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2013/06/20 02:24:56 | 000,001,252 | ---- | M] () MD5=28A748693ED81F361519D3734117FC90 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012/09/19 23:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\WINDOWS\SysNative\services.exe
[2012/09/19 23:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2013/06/20 02:24:55 | 000,038,189 | ---- | M] () MD5=94332D45E257C3AE040A227ACAD38919 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2012/07/26 00:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\WINDOWS\SysNative\en-US\services.exe.mui
[2012/07/26 00:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui

< MD5 for: SERVICES.HTML >
[2009/08/18 20:46:56 | 000,008,438 | ---- | M] () MD5=E0B9A083F7176CA3376837F84969D074 -- C:\Users\RITTERBY\Desktop\FILES\6189\xhtml\services.html

< MD5 for: SERVICES.JS >
[2012/07/26 00:54:06 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 00:53:58 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 00:53:55 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 00:54:33 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 00:54:01 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/12/14 22:20:20 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.27_x64__8wekyb3d8bbwe\common\js\services.js
[2012/12/14 22:22:03 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2012/12/14 22:16:45 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js

< MD5 for: SERVICES.LNK >
[2012/07/25 13:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 13:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 13:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 13:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk

< MD5 for: SERVICES.MOF >
[2012/06/02 07:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\SysNative\wbem\services.mof
[2012/06/02 07:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof

< MD5 for: SERVICES.MSC >
[2012/07/26 00:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\en-US\services.msc
[2012/06/02 07:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\services.msc
[2012/07/26 00:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012/06/02 07:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012/07/26 00:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012/06/02 07:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012/06/02 07:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012/07/26 00:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc

< MD5 for: SERVICES.PTXML >
[2012/07/25 13:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\SysNative\wdi\perftrack\Services.ptxml
[2012/07/25 13:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml

< MD5 for: SERVICES.RDB >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files (x86)\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SERVICES.TICO >
[2009/09/25 14:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files (x86)\TuneUp Utilities 2013\data\services.tico

< MD5 for: WINLOGON.ADML >
[2012/07/26 00:49:05 | 000,008,017 | ---- | M] () MD5=C270056255498A723E7331EFF1AA162F -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2012/07/26 00:49:05 | 000,008,017 | ---- | M] () MD5=C270056255498A723E7331EFF1AA162F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.2.9200.16384_en-us_edcdb8ec66a62fc0\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2012/06/02 07:34:22 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2012/06/02 07:34:22 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.2.9200.16384_none_d3d704270306719d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2013/06/20 02:42:55 | 000,053,889 | ---- | M] () MD5=008B4638D293CBF7DFB35AA1F4AAC46E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2013/06/20 02:42:56 | 000,053,884 | ---- | M] () MD5=110F33FE3BA7494C9F1B479792A3A9CF -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2013/06/20 02:42:56 | 000,001,620 | ---- | M] () MD5=5491DEB810ABB2D7D16CBCDA689301D4 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2013/06/20 02:42:55 | 000,053,876 | ---- | M] () MD5=79E8F3F5E1101555DEE86915BB91D047 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/10/10 22:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\WINDOWS\SysNative\winlogon.exe
[2012/10/10 22:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2012/07/26 00:48:51 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\WINDOWS\SysNative\en-US\winlogon.exe.mui
[2012/07/26 00:48:51 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2012/07/26 00:48:52 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\WINDOWS\SysNative\wbem\en-US\winlogon.mfl
[2012/07/26 00:48:52 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.2.9200.16384_en-us_81848abaa91301c6\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2012/07/25 13:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\WINDOWS\SysNative\wbem\winlogon.mof
[2012/07/25 13:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.2.9200.16384_none_d9027134ffac135f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2013/06/28 06:24:48 | 000,187,934 | ---- | M] () -- C:\bdlog.txt
[2012/08/15 15:28:18 | 002,510,608 | -H-- | M] () -- C:\bdr-bz01
[2012/11/12 00:36:55 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2012/10/19 12:17:29 | 037,133,532 | -H-- | M] () -- C:\bdr-im01.gz
[2012/11/12 00:36:55 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2012/11/12 00:36:55 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2012/06/02 07:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2012/09/04 22:41:48 | 000,005,288 | ---- | M] () -- C:\Dfine2.config
[2013/06/19 14:30:03 | 000,000,000 | ---- | M] () -- C:\end
[2013/06/28 06:25:29 | 1275,068,416 | -HS- | M] () -- C:\pagefile.sys
[2012/11/11 11:06:22 | 000,000,090 | ---- | M] () -- C:\setup.log
[2013/06/28 06:25:29 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

< %systemroot%\Fonts\*.com >
[2012/11/11 11:25:05 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2012/11/11 11:25:05 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2012/11/11 11:25:05 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2012/11/11 11:25:05 | 000,043,318 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2012/07/26 01:11:41 | 000,000,065 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2012/07/26 01:11:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2012/09/12 00:43:30 | 000,053,633 | RHS- | M] () -- C:\Program Files (x86)\DLS8Uninstall.log

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 7A78-DE5A
Directory of C:\
07/26/2012 12:22 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/26/2012 12:22 AM <JUNCTION> Application Data [C:\ProgramData]
07/26/2012 12:22 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/26/2012 12:22 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/11/2012 11:31 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/26/2012 12:22 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/26/2012 12:22 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/26/2012 12:22 AM <SYMLINKD> All Users [C:\ProgramData]
07/26/2012 12:22 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/26/2012 12:22 AM <JUNCTION> Application Data [C:\ProgramData]
07/26/2012 12:22 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/26/2012 12:22 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/11/2012 11:31 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/26/2012 12:22 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/26/2012 12:22 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/26/2012 12:22 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/26/2012 12:22 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/26/2012 12:22 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/26/2012 12:22 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/26/2012 12:22 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/26/2012 12:22 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/26/2012 12:22 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/26/2012 12:22 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/26/2012 12:22 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/26/2012 12:22 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/26/2012 12:22 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/26/2012 12:22 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/26/2012 12:22 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/26/2012 12:22 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/26/2012 12:22 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/26/2012 12:22 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default.migrated\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/26/2012 12:22 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/26/2012 12:22 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/26/2012 12:22 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\RITTERBY
11/11/2012 11:27 AM <JUNCTION> Application Data [C:\Users\RITTERBY\AppData\Roaming]
11/11/2012 11:27 AM <JUNCTION> Cookies [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Cookies]
11/11/2012 11:27 AM <JUNCTION> Local Settings [C:\Users\RITTERBY\AppData\Local]
11/11/2012 11:27 AM <JUNCTION> My Documents [C:\Users\RITTERBY\Documents]
11/11/2012 11:27 AM <JUNCTION> NetHood [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/11/2012 11:27 AM <JUNCTION> PrintHood [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/11/2012 11:27 AM <JUNCTION> Recent [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Recent]
11/11/2012 11:27 AM <JUNCTION> SendTo [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\SendTo]
11/11/2012 11:27 AM <JUNCTION> Start Menu [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Start Menu]
11/11/2012 11:27 AM <JUNCTION> Templates [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\RITTERBY\AppData\Local
11/11/2012 11:27 AM <JUNCTION> Application Data [C:\Users\RITTERBY\AppData\Local]
11/11/2012 11:27 AM <JUNCTION> History [C:\Users\RITTERBY\AppData\Local\Microsoft\Windows\History]
11/11/2012 11:27 AM <JUNCTION> Temporary Internet Files [C:\Users\RITTERBY\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\RITTERBY\Documents
11/11/2012 11:27 AM <JUNCTION> My Music [C:\Users\RITTERBY\Music]
11/11/2012 11:27 AM <JUNCTION> My Pictures [C:\Users\RITTERBY\Pictures]
11/11/2012 11:27 AM <JUNCTION> My Videos [C:\Users\RITTERBY\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
11/11/2012 11:27 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
11/11/2012 11:27 AM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
11/11/2012 11:27 AM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
11/11/2012 11:27 AM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
11/11/2012 11:27 AM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/11/2012 11:27 AM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/11/2012 11:27 AM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
11/11/2012 11:27 AM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
11/11/2012 11:27 AM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
11/11/2012 11:27 AM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
11/11/2012 11:27 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
11/11/2012 11:27 AM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
11/11/2012 11:27 AM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
11/11/2012 11:27 AM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
11/11/2012 11:27 AM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
11/11/2012 11:27 AM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old
07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users
07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users
07/26/2012 12:22 AM <JUNCTION> Application Data [C:\ProgramData]
07/26/2012 12:22 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/26/2012 12:22 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/11/2012 11:31 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/26/2012 12:22 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/26/2012 12:22 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Public\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\RITTERBY
07/05/2012 10:52 AM <JUNCTION> Application Data [C:\Users\RITTERBY\AppData\Roaming]
07/05/2012 10:52 AM <JUNCTION> Cookies [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Cookies]
07/05/2012 10:52 AM <JUNCTION> Local Settings [C:\Users\RITTERBY\AppData\Local]
07/05/2012 10:52 AM <JUNCTION> My Documents [C:\Users\RITTERBY\Documents]
07/05/2012 10:52 AM <JUNCTION> NetHood [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/05/2012 10:52 AM <JUNCTION> PrintHood [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/05/2012 10:52 AM <JUNCTION> Recent [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Recent]
07/05/2012 10:52 AM <JUNCTION> SendTo [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\SendTo]
07/05/2012 10:52 AM <JUNCTION> Start Menu [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Start Menu]
07/05/2012 10:52 AM <JUNCTION> Templates [C:\Users\RITTERBY\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\RITTERBY\AppData\Local
07/05/2012 10:52 AM <JUNCTION> Application Data [C:\Users\RITTERBY\AppData\Local]
07/05/2012 10:52 AM <JUNCTION> History [C:\Users\RITTERBY\AppData\Local\Microsoft\Windows\History]
07/05/2012 10:52 AM <JUNCTION> Temporary Internet Files [C:\Users\RITTERBY\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\RITTERBY\Documents
07/05/2012 10:52 AM <JUNCTION> My Music [C:\Users\RITTERBY\Music]
07/05/2012 10:52 AM <JUNCTION> My Pictures [C:\Users\RITTERBY\Pictures]
07/05/2012 10:52 AM <JUNCTION> My Videos [C:\Users\RITTERBY\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser
07/09/2012 11:15 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
07/09/2012 11:15 AM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
07/09/2012 11:15 AM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
07/09/2012 11:15 AM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
07/09/2012 11:15 AM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/09/2012 11:15 AM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/09/2012 11:15 AM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
07/09/2012 11:15 AM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
07/09/2012 11:15 AM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
07/09/2012 11:15 AM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local
07/09/2012 11:15 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
07/09/2012 11:15 AM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
07/09/2012 11:15 AM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Documents
07/09/2012 11:15 AM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
07/09/2012 11:15 AM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
07/09/2012 11:15 AM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
129 Dir(s) 30,628,429,824 bytes free

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/07/07 11:20:28 | 000,000,221 | -HS- | M] () -- C:\Users\RITTERBY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2012/07/26 01:12:22 | 000,000,148 | -HS- | M] () -- C:\Users\RITTERBY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/06/26 00:25:12 | 000,377,856 | ---- | M] () -- C:\Users\RITTERBY\Desktop\h16d537c.exe
[2013/06/24 14:20:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\RITTERBY\Desktop\HiJackThis.exe
[2013/06/24 14:35:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RITTERBY\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#10 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 01 July 2013 - 07:33 AM

Due to the fact you're using cracked/illegal software on this computer, this topic is closed now.
Proud Member of UNITE & TB
 
